The most comprehensive student privacy law is the federal Family Education Rights and Privacy Act (FERPA), which was enacted in 1974 when educational records were generally physically static and contained a limited number of data points about students. While technology has drastically changed during the last 40 years, FERPA has not been amended to account for these innovations.

Many electronic learning tools collect a tremendous amount of metadata about students, and some of this information may be highly sensitive. Since most of this information isn’t inserted into an official school file, it isn’t considered an educational record under FERPA and is therefore not protected. As Kathleen Styles, the U.S. Department of Education’s chief privacy officer, has said, “I don’t think it’s necessarily an easy decision, what is and what is not the ‘educational record.’… It’s very contextual. A lot of metadata won’t fit as an educational record.” This admission by the person charged with protecting our students’ privacy clearly demonstrates that more needs to be done to better protect the personal information of students.